ACID 1.0 RC1 - Archive Problem

["Chris Kuivenhoven" <chris () kive net>]

Hello,

 

I have Snort, Acid, and SnortCenter all running without a problem, with
one exception. I've read through the FAQ's, manuals, and searched
through several mailing list archives, but I'm just not finding anything
that documents anything about the archive feature. I have tried hacking
around with it, but I'm not getting anywhere. I really appreciate any
help that you may give me.

 

I have Snort logging into a MySQL database "snort", which Acid is using
for it's main database. The archive database is "snort_archive". The
same user is configured with the same password for both databases, and
The "snort" database works without any problem that I can tell. The
"snort_archive" database contains no tables or records. My snort user
also has the same grants on each database.

 

When I am in Acid, and I select alerts to archive (move), I receive the
following error:

 

Fatal error: Call to a member function on a non-object in
/var/www/html/acid/acid_db.inc on line 93

 

Relevant lines from /var/www/html/acid/acid_db.inc:

 

84:     $sql = "SELECT vseq FROM schema";

85:     if ($this->DB_type == "mssql") $sql = "SELECT vseq FROM
[schema]";

86:     $result = $this->DB->Execute($sql);

87:     if ( $this->acidErrorMessage != "" )

88:        $this->version = 0;

89:     else

90:     {

91:       $myrow = $result->fields;

92:        $this->version = $myrow[0];

93:        $result->Close();

 

The only file I have modified in the acid distribution is acid_conf.php,
relevant options (sanitized) below:

 

$DBlib_path = "/var/www/html/adodb";

$DBtype = "mysql";

$alert_dbname   = "snort";

$alert_host     = "localhost";

$alert_port     = "";

$alert_user     = "snortuser";

$alert_password = "snortuserpassword";

$archive_dbname   = "snort_archive";

$archive_host     = "localhost";

$archive_port     = "";

$archive_user     = "snortuser";

$archive_password = "snortuserpassword";

$db_connect_method = 1;

$use_referential_integrity = 0;

$ChartLib_path = "/var/www/html/phplot-4.4.6";

$debug_mode = 0;

$debug_time_mode = 1;

$html_no_cache = 1;

$sql_trace_mode = 0;

$sql_trace_file = "";

$portscan_file = "/var/log/snort";

 

Everything was installed from scratch, no upgrades. All relevant
libraries are installed, no compilation or configuration errors were
noted.

 

Specs:

 

RedHat Linux 7.3

snort 2.0.0

snortcenter 1.0 RC1

snortcenter-agent 1.0 RC1

acid 0.9.6 beta 23

adodb 3.40

mysql 3.23.56

 

TIA,

 

-Chris